[Samba] Re: Win2k TS authentication probs / pw changing probs
Andrew Bartlett
abartlet at samba.org
Fri Jul 12 20:47:45 GMT 2002
Robert Stuart wrote:
>
> Hi,
>
> We are having problems with clients changing their passwords from Win2k
> Terminal Servers against a Samba PDC. It works fine if the machine only
> has few users on it (ie when testing at 6pm after almost everyone is
> gone - I find it difficult to break).
>
> I'm guessing there is some sort of race condition or resource locking
> going on that prevents it happening properly.
Probably resource locking. If its a busy server, it is possible that
the smbpasswd file is always locked. smbpasswd locking is messy - I
would suggest a move to ldap or tdbsam. Hmm, if you are already using
LDAP then this probably isn't the problem.
> As I didn't get any responses to my previous email re this, I'm getting
> desparate and going to look at the source :-)
>
> Can someone (perhaps Andrew Bartlett) give me a general run down on how
> pw changing happens?
- User requests password change
- password change is authenticated (they prove they knew the old
password)
- new password is read, unix password sync is done (and that can be even
worse locking wise)
- smbpasswd/tdbsam/ldap (whatever you use for your passdb) is updated.
This may also require locks.
> Starter question: w.t.? are the *user_info_* and other simliar
> functions/structures about?
In 2.2? I can't even remember then being there - you are going to have
to point out exactly what you are talking about.
> Config:
> Rh7.3 with rebuilt 2.2.5 rpm for ldapsam support and smbd/conn.c
> modified MAX_CONNECTIONS param. openldap 2.0.23 with dbm backend, Win2K
> SP2 with Citrix.
There really should not be locking issues with this - you will need to
dig a bit deeper I think.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list